Secure Installation and Operation of Your ColorQube™
9201/9202/9203
Purpose and Audience
This
document provides information on the secure installation and operation of a ColorQube™ 9201/9202/9203 Multifunction
System. All customers, but particularly those concerned with secure installation and operation of these machines, should follow
these guidelines.
Overview
This document lists some important customer information and guidelines that will ensure that your ColorQube™
9201/9202/9203 Multifunction System is operated and maintained in a secure manner.
Background
The ColorQube™ 9201/9202/9203 Multifunction System is currently undergoing Common Criteria evaluation. The information
provided here is consistent with the security functional claims made in the Security Target. Upon completion of the evaluation,
the
Security
Target
will
be
available
from
the
Common
Criteria
Certified
Product
website
(http://www.commoncriteriaportal.org/products.html) list of evaluated products, from the Xerox security website
(http://www.xerox.com/information-security/common-criteria-certified/enus.html ), or from your Xerox representative.
1.
Please follow the guidelines below for secure installation, setup and operation of the evaluated configuration
1
for a
ColorQube™ 9201/9202/9203 Multifunction System:
a).
The security functions in the evaluated configuration of the ColorQube™ 9201/9202/9203 that should be set up by the
System Administrator are:
•
Immediate Image Overwrite
•
On Demand Image Overwrite
•
Disk Encryption
•
IP Filtering
•
Audit Log
•
SSL (for protection of management data)
•
IPSec
•
SNMP v3
•
Trusted Certificate Authorities
•
Local, Remote or CAC/PIV Authentication
•
Local Authorization and Personalization
•
802.1x Device Authentication
•
Session Inactivity Timeout
System Administrator login is required when accessing the security features of a ColorQube™ 9201/9202/9203 machine via
the Web User Interface (Web UI) or when implementing the guidelines and recommendations specified in this document.
To log in to the Web UI as an authenticated System Administrator, follow the instructions under “CentreWare Internet
Services” located on page 2-6 in the System Administration Guide (SAG)
2
.
To log in to the Local User Interface (Local UI) as an authenticated System Administrator, follow the “Administrator Access”
instructions located on page 2-4 in the SAG.
Follow the instructions located in the SAG in Chapter 8, Security to set up these security functions except as noted in the
items below. Note that whenever the SAG
requires that the System Administrator provide an IPv4 address, IPv6 address or
port number the values should be those that pertain to the particular device being configured.
b).
The following services of the ColorQube™ 9201/9202/9203 are also considered part of the evaluated configuration and
should be enabled when needed by the System Administrator - Copy, Embedded Fax, Scan to E-mail, Workflow Scanning,
Scan to Mailbox and Internet Fax.
The following services of the ColorQube™ 9201/9202/9203 are to be disabled as part of the evaluated configuration -
Network Accounting, Copy/Print Store and Reprint (may also called “Save for Reprint”/“Reprint Saved Jobs”) and the
Extensible Interface Platform (may also called “Extensible Services” or “Custom Services”).
1
The term “evaluated configuration” will be used throughout this document to refer to the configuration of the ColorQube™ 9201/9202/9203
Multifunction System that is currently undergoing Common Criteria evaluation.
2
ColorQube™ 9201/9202/9203 System Administration Guide, Document Version : 1.0 (05/09)
